Perform Decentralized Periodic User Access Reviews with SAP BusinessObjects Access Control 5.3

  • by Frank Rambo, PhD, Director, Customer Solution Adoption (CSA), EMEA
  • August 11, 2009
SAP BusinessObjects Access Control identifies and prevents access and authorization risks in cross-enterprise IT systems to prevent fraud and reduce the cost of continuous compliance and control. The User Access Review (UAR) feature of SAP BusinessObjects Access Control 5.3 automates and documents the periodic decentralized user access review by business managers or role owners. It provides a workflow-based review and approval process. Follow a process flow during a UAR to see its business benefits, configuration, recommended usage of the feature, and workflow options.
Key Concept

The User Access Review (UAR) feature was first introduced in SAP BusinessObjects Access Control 5.3 and enhanced in some aspects with Support Package 6. UAR requires configuration in multiple SAP BusinessObjects Access Control product capabilities, including Risk Analysis and Remediation, Enterprise Role Management, and Compliant User Provisioning (CUP). A prerequisite for a manager-driven UAR is a user details data source available in CUP to provide the manager relationship for the users included in the review. This data source may be an SAP ERP Human Capital Management system or a Lightweight Directory Access Protocol (LDAP) directory.

The User Access Review (UAR) feature enables companies to conduct a streamlined internal control process on a periodic basis that includes collaboration among line managers, internal control, and information security teams. UAR improves visibility of access granted to business systems and improves overall information security. The key features of UAR in SAP BusinessObjects Access Control 5.3 are:

  • An automated request- and workflow-based process for review and approval
  • A decentralized review of user access conducted by responsible line managers or role owners
  • Role usage information facilitates decision taking for the reviewers
  • Automatic role de-provisioning, if desired by the user
  • Status and history reports to assist in monitoring the review progress
  • Audit trail and reports for supporting internal and external audits
  • Support for back-end systems integrated with SAP BusinessObjects Access Control through Real Time Agents (RTA) as well as legacy systems

Frank Rambo, PhD

Frank Rambo, PhD, is managing a team within SAP’s Customer Solution Adoption (CSA) organization working with customers in the SAP analytics area with the objective to drive adoption of new, innovative solutions. Prior to this position, he worked eight years for SAP Germany as a senior consultant focusing on SAP security and identity management. Before he joined SAP in 1999, Frank worked as a physicist in an international research team. He lives in Hamburg, Germany.

See more by this author


No comments have been submitted on this article. 

Please log in to post a comment.

To learn more about subscription access to premium content, click here.